260 matches found
EUVD-2026-43279
A security flaw has been discovered in DedeCMS 5.7.118. Impacted is an unknown function of the file /plus/search.php of the component Column Management. Performing a manipulation of the argument Column Name results in code injection. The attack is possible to be carried out remotely. The exploit...
CVE-2026-15194
A security flaw has been discovered in Open5GS 2.7.7. This affects the function amfcontextfinal of the file src/amf/context.c of the component AMF. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit has been released to the public and m...
PT-2026-55838
Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description An integer overflow occurs in the r str word get0set function within the libr/util/str.c file. This issue allows a local attacker to trigger the overflow through specific manipulation...
CVE-2026-14744
A security flaw has been discovered in code-projects Real State Services 1.0. This affects an unknown function of the file /normalHomeRent.php. Performing a manipulation of the argument loc results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to...
CVE-2026-14738 exo-explore exo Vision Feature Cache vision.py _image_cache_key weak hash
A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function imagecachekey of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high...
CVE-2026-14625
A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tuigateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to...
CVE-2026-13567
The CVE-2026-13567 entry affects code-projects Online Music Site 1.0 in the POST Request Handler’s /Frontend/Feedback.php. An attacker can manipulate parameters fname, femail, faddress, or fmessage to trigger cross-site scripting. The issue is remote-present with a publicly released exploit (Proo...
CVE-2026-12784
A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown function in the library MDANTDRV.sys of the component Kernel Driver. This manipulation causes improper access controls. The attack requires local access. The exploit has been made available to the...
PT-2026-51196
Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description A security flaw exists in the PROXY ADMIN database API Key Generator component within the authenticate user function of the litellm/proxy/auth/login utils.py file. A remote attacker can...
PT-2026-49167
A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file appmodulesmedicalportrestcontrollersPatientController.php of the component HTTP REST API. The manipulation of the argument ID results ...
PT-2026-49148
A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...
CVE-2026-11556
A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack i...
CVE-2026-7144
A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file updatepasswdprocess.php. The manipulation of the argument tempuser results in authorization bypass. The attack can be launched remotely. The exploit has been...
CVE-2026-5812
A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing a manipulation of the argument txtqty results in business logic errors. It is possible to initia...
CVE-2026-9627
A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in buffer overflow. The attack can be launched...
EUVD-2026-34543
A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...
EUVD-2026-34258
A security flaw has been discovered in itsourcecode Fees Management System 1.0. This impacts an unknown function of the file /manageuser.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be...
PT-2026-46072
Name of the Vulnerable Software and Affected Versions gradio-app gradio version 6.14.0 Description A security flaw exists in the Audio Cache Key Handler component. Specifically, the save audio to cache function uses a weak hash, which can be manipulated. This issue requires a local position for...
EUVD-2026-33854
A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking...
CVE-2026-10257 itsourcecode Content Management System update_ss_img.php sql injection
A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/updatessimg.php. The manipulation of the argument topicid results in sql injection. The attack can be executed remotely. The exploit has been released t...